OWASP's top 10 cyber risks for 2021 released


08:00 Friday, 05 November 2021

UK Cyber Security Council

The 2021 update to the Open Web Application Security Project (OWASP) “Top 10” has been released. First published in 2003, the Top 10 is a regularly updated list of what is considered by 40 or so sources to be the ten most important cyber security risks faced by organisations.

Some members of the list remain unchanged since the previous version, which was published in 2017: examples are security misconfigurations, failures with logging and monitoring, and broken access control (this last item having rocketed from fifth place into the number one spot as the top risk). Down from top spot to third place are injection attacks, whose reduction in risk is likely to be down to vastly increased awareness of them since the last report. New in the Top 10 are entries for insecure design (number four) and server-side request forgery.

While the OWASP Top 10 is merely one of the many tools in one’s cyber security armoury, it is one of the more valuable and widely recognised – to the extent that it is referenced by many security standards and security agencies around the world.

The current top 10 is on OWASP’s site, along with a summary of the changes since the 2017 version.